364820 matches found
CVE-2026-36791
Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the savelistdata parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
CVE-2026-36771
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-36726
An arbitrary file deletion vulnerability in the /api/delete-temp-license/file endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences...
CVE-2026-36777
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the param1 parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted HTTP request...
CVE-2026-36728
A markdown based cross-site scripting XSS vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into a chat message...
CVE-2026-36770
Shenzhen Tenda Technology Co., Ltd Tenda USW3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-36772
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the wlradio parameter of the formwrlSSIDget function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-36773
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.32204 was discovered to contain a stack overflow in the Go parameter of the asktoreboot function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...
CVE-2026-36727
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...
CVE-2026-36723
An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to...
CVE-2026-36719
An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via enumerating user IDs...
CVE-2026-36721
A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token...
CVE-2026-36720
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type...
CVE-2026-36725
A markdown based cross-site scripting XSS vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the noticecontent parameter...
CVE-2026-36722
An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file...
CVE-2026-36724
An uncaught exception in the /application/job/update/id endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the moduletask:job:update permission to cause a Denial of Service DoS via manipulating the func field of scheduled tasks...
CVE-2026-30141
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service crash or potentially execute arbitrary code via a crafted GIF file...
CVE-2025-55658
GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gfopusparsepacketheader function mediatools/avparsers.c. bThis vulnerability allows attackers to cause a Denial of Service DoS via a crafted MP4 file...
CVE-2025-52293
A segmentation violaton in the gfhevcreadspsbsinternal function mediatools/avparsers.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying crafted HEVC SPS data...
CVE-2026-10045
Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...
CVE-2025-55659
A NULL pointer dereference in the cttsboxwrite function isomedia/boxcodebase.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
CVE-2025-55651
A NULL pointer dereference in the gfisomgetuserdatacount function isomedia/isomread.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
CVE-2025-55657
A NULL pointer dereference in the gfodfvvccfgwritebs function odf/descriptors.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
CVE-2025-52292
A stack buffer overflow in the fileinprocess function infile.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
CVE-2023-43688
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. There is a Heap buffer overflow in various buffer encryption utilities...
CVE-2023-29146
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value 32-bit. Attackers could create a collidi...
CVE-2023-43686
An issue was discovered in Malwarebytes 4.x and 5.x and Nebula 2020-10-21 and later. A large number of Firefox preference files can cause the parser to ignore other browser configuration files, leading to a denial of service...
CVE-2026-50636
The RemoteControl API methods inviteparticipants and remindparticipants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...
CVE-2026-50635
LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....
CVE-2026-50512
Missing authentication for critical function in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...
CVE-2026-50511
Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...
CVE-2026-48293
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-44275
Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2026-41116
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...
CVE-2026-34706
InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34707
InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34708
InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34703
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...
CVE-2026-34705
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a...
CVE-2026-34704
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...
CVE-2026-34702
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34701
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34699
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34698
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34700
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34696
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34697
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34695
InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...
CVE-2026-34694
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...
CVE-2026-34693
Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a reflected Cross-Site Scripting XSS vulnerability. An attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's...